General
-
Target
e90d3150b729f9e9f8271ed964da0d14.exe
-
Size
608KB
-
Sample
211011-say8hshee8
-
MD5
e90d3150b729f9e9f8271ed964da0d14
-
SHA1
08f865e0f25ca9f7e19f04e8d437214f924c3bb8
-
SHA256
b96ae4aab134c7612bd21311ee76a7b0b0dc14af7b2e10713564e50fc739967e
-
SHA512
e60900a239117ff9959f3bed2e889814527a814fb1d00041e09c9e589fe017cf9f0f43cd54a75f5cebbbbf384ec4f0001cc94f10999a9bfcd43269d67fdba631
Static task
static1
Behavioral task
behavioral1
Sample
e90d3150b729f9e9f8271ed964da0d14.exe
Resource
win7v20210408
Malware Config
Extracted
nanocore
1.2.2.0
ella666.duckdns.org:31829
mikeljack321.ddns.net:31829
a34ced25-fb8b-4570-a6e3-066f7f9be505
-
activate_away_mode
true
-
backup_connection_host
mikeljack321.ddns.net
-
backup_dns_server
mikeljack321.ddns.net
-
buffer_size
65535
-
build_time
2021-07-12T10:54:00.175448736Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
31829
-
default_group
AAA
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
a34ced25-fb8b-4570-a6e3-066f7f9be505
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
ella666.duckdns.org
-
primary_dns_server
ella666.duckdns.org
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
e90d3150b729f9e9f8271ed964da0d14.exe
-
Size
608KB
-
MD5
e90d3150b729f9e9f8271ed964da0d14
-
SHA1
08f865e0f25ca9f7e19f04e8d437214f924c3bb8
-
SHA256
b96ae4aab134c7612bd21311ee76a7b0b0dc14af7b2e10713564e50fc739967e
-
SHA512
e60900a239117ff9959f3bed2e889814527a814fb1d00041e09c9e589fe017cf9f0f43cd54a75f5cebbbbf384ec4f0001cc94f10999a9bfcd43269d67fdba631
-
Suspicious use of SetThreadContext
-